Silverlight 5 – Elevated Trust In-Browser

20 Apr

In Silverlight 5 it is possible to enable applications to run with elevated permissions in-browser.

The code snippet below will open Notepad.exe using the AutomationFactory in Silverlight. Using the AutomationFactory requires elevated permissions.


To run the snippet in Silverlight 4, the application must run out-of-browser with elevated permissions. In Silverlight 5 it is possible to run the snippet in-browser with elevated permissions.

Some requirements must be fulfilled before an application can run with elevated permissions in-browser. The XAP file needs to be signed with a certificate present in the Trusted Publishers certificate store. Furthermore, it is necessary to add a registry setting:


Add the following DWORD value "AllowElevatedTrustAppsInBrowser" set to 0x00000001.

To make development a bit easier, running using localhost (or won’t require signing the XAP file or adding the registry setting.
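
An added example, not the original post's code: a hypothetical helper that checks the elevated-trust preconditions described above before touching the AutomationFactory, and reports which one failed instead of letting the call throw. The class and method names are assumptions, and the project needs a reference to Microsoft.CSharp.dll for `dynamic`.

```csharp
using System;
using System.Runtime.InteropServices.Automation;
using System.Windows;

// Hypothetical helper (added example, not from the original post).
public static class ElevatedLauncher
{
    // Returns null on success, otherwise a message naming the failed precondition.
    public static string TryOpenNotepad()
    {
        // In-browser this is false unless the XAP is signed by a trusted
        // publisher and the registry setting is present (or the application
        // is served from localhost during development).
        if (!Application.Current.HasElevatedPermissions)
            return "Application is not running with elevated permissions.";

        // COM automation exists only on Windows and only with elevated trust.
        if (!AutomationFactory.IsAvailable)
            return "COM automation is not available on this platform.";

        try
        {
            // WScript.Shell is the ProgID used in the comments on this page.
            using (dynamic shell = AutomationFactory.CreateObject("WScript.Shell"))
            {
                // Arguments: command, window style (1 = normal), wait on return.
                shell.Run("notepad.exe", 1, false);
            }
            return null;
        }
        catch (NotSupportedException ex)
        {
            // Raised, for example, as [ComAutomation_FeatureBlocked] when the
            // runtime refuses COM automation for this application.
            return "COM automation was blocked: " + ex.Message;
        }
        catch (Exception ex)
        {
            // Unknown ProgID or a COM failure while creating or calling the object.
            return "COM call failed: " + ex.Message;
        }
    }
}
```

Showing the returned message in the UI makes it clear whether a failure comes from missing elevated trust or from the COM call itself.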

You can download the demo here.

by xamlgeek

12 Responses to “Silverlight 5 – Elevated Trust In-Browser”

  1. Tobias April 22, 2011 at 05:16 #

    Nice post! It sounds so easy, however, it doesn’t work for me. I did exactly what you described: modified the registry, signed the app and started it, but still the app has no elevated trust when running in browser. I checked this using Application.Current.HasElevatedPermissions, which is always false in browser and always true out of the browser. Is there anything that I have missed, maybe something that is not worth mentioning for you but I may not know?
    Help is appreciated.

    • trix February 9, 2012 at 12:33 #

      Hi and thanks for the post! It didn’t work for me at the beginning, but I found this, which helped me fix the problem. There is a difference in the registry setting between 32 and 64 bit systems. Hope it helps! It works for me now.

      • Silverlight5 February 8, 2013 at 20:22 #

        I have signed the Xap file and also made the registry key change, still does not work. Application.Current.HasElevatedPermissions always returns false in the demo sample given in this article.

  2. Fallon Massey April 28, 2011 at 06:24 #

    Requiring a certificate and RegKey for this makes sense to me, although the RegKey might be considered overkill, i.e. you need one of them but not both, IMO.

    However, having those requirements for running a browser inside a browser makes as much sense as asking an axe murderer to carry an extra axe… he’s already committed to using one anyway.

  3. Rahul January 24, 2012 at 19:26 #


    I need a clarification. I’m in need of a web application using Silverlight that should work with elevated trust and in browser too. But it is working just like a public site and is it possible to have a public web application with elevated trust? So that finally all the users who agree to install my application should be able to use the same from browser.

    Any help would be appreciated


    • aselan January 2, 2013 at 13:36 #

      Hello, did you get a response for this?

      I have a similar issue.

  4. parth June 14, 2012 at 11:01 #

    hey can you help me to open cmd using in-browser support for silverlight 5

    dynamic cmd = AutomationFactory.CreateObject("WScript.Shell");
    cmd.Run("cmd.exe", 1, false);

  5. Will February 12, 2013 at 17:44 #

    I have an in browser Silverlight 5 application with a signed xap using a certificate that allows all uses. I have made the registry changes and all other possible setting related changes for elevated trust. I have installed my certificate into the trusted certificates area and unchecked the enable protected mode for the trusted internet zone. When I publish my app and run it, the Application.Current.HasElevatedPermissions is false. I seem to be stumped. I also tried using the create test certificate and deploying but no change. Any ideas?

  6. Chirag August 14, 2013 at 08:22 #

    Hello everyone,
    I am trying to add the registry key (64-bit system) and sign the XAP with a test certificate. It runs perfectly on localhost, but when I change localhost to an IP address it says the application is not elevated.

  7. theengineerblog2 January 9, 2015 at 14:30 #

    Any solution on this?

    I have the same problem: when running on localhost, the COM object can run in Silverlight, but not with an IP address URL.

    It gives this error:
    at MS.Internal.CoreInvokeHandler.InvokeEventHandler(UInt32 typeIndex, Delegate handlerDelegate, Object sender, Object args)
    at MS.Internal.JoltHelper.FireEvent(IntPtr unmanagedObj, IntPtr unmanagedObjArgs, Int32 argsTypeIndex, Int32 actualArgsTypeIndex, String eventName, UInt32 flags)
    System.NotSupportedException: [ComAutomation_FeatureBlocked]
    Debugging resource strings are unavailable. Often the key and arguments provide sufficient information to diagnose the problem. See
    at MS.Internal.Error.MarshalXresultAsException(UInt32 hr, COMExceptionBehavior comExceptionBehavior)
    at MS.Internal.XcpImports.CheckHResult(UInt32 hr)
    at MS.Internal.ComAutomation.ComAutomationNative.CreateObject(String progID, IntPtr& nativeObject)
    at MS.Internal.ComAutomation.ComAutomationServices.CreateObject(String progID, ComAutomationParamWrapService paramWrapService)
    at System.Runtime.InteropServices.Automation.AutomationMetaObjectProvider..ctor(String progID, Boolean create)
    at System.IO.Ports.SerialPort.RegisterCom()

